DeadLock Ransomware: Smart Contracts for Malicious Purposes


DeadLock is a ransomware family discovered in July 2025. It is notable for not being associated with any known affiliate programs and for lacking a Data Leak Site (DLS). This, combined with the limited number of reported victims, has resulted in low exposure for the group. However, Group-IB specialists have discovered an interesting use of Polygon smart contracts for proxy server address rotation or distribution.

This finding warrants public attention, especially since the abuse of this specific blockchain for malicious purposes has not been widely reported. In addition, the recent discovery of similar techniques show that the abuse of smart contracts for malicious purposes could become an emerging trend.

Read more…
Source: Group IB


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • CrowdStrike fires ‘suspicious insider’ who passed information to hackers

    November 21, 2025

    Cybersecurity giant CrowdStrike has confirmed firing a “suspicious insider” last month who allegedly fed information about the company to a notorious hacking group. A hacking collective known as Scattered Lapsus$ Hunters published screenshots late Thursday and Friday morning in a public Telegram channel that allegedly showed insider access to CrowdStrike systems. The screenshots, which TechCrunch has ...

  • WhatsApp security flaw lets experts scrape 3.5 billion user numbers

    November 21, 2025

    WhatsApp users may need to take extra steps to protect their account information following a potentially concerning discovery. A study by researchers at the University of Vienna revealed the app’s contact-discovery system enabled the collection of extensive WhatsApp user data at an unprecedented scale due to insufficient rate-limiting across global endpoints. The researchers were able to ...

  • Logitech Confirms Data Breach After Cl0p, Linked to Oracle E-Business Suite Exploits, Takes Responsibility

    November 20, 2025

    Hardware and software solutions company Logitech has disclosed a data breach that exposed employee, customer, and supplier information. “Logitech International S.A. (“Logitech”) recently experienced a cybersecurity incident relating to the exfiltration of data,” the company stated. Read more… Source: CPO Magazine News Sign up for the Cyber Security Review Newsletter The latest cyber security news and insights delivered right to ...

  • Mac users warned about new DigitStealer information stealer

    November 19, 2025

    This variant comes with advanced detection-evasion techniques and a multi-stage attack chain. Most infostealers go after the same types of data and use similar methods to get it, but DigitStealer is different enough to warrant attention. A few things make it stand out: platform-specific targeting, fileless operation, and anti-analysis techniques. Together, they pose relatively new challenges ...

  • Understanding the future of offensive AI in cybersecurity

    November 19, 2025

    As we step into an era where artificial intelligence (AI) plays an increasingly significant role in cybersecurity, discussions surrounding its offensive capabilities are becoming more prominent. A recent report by Anthropic—a leading AI research lab—has sparked the latest conversation on this topic, with questions raised about their claim that an AI-assisted attack they observed was ...

  • Dutch government is relinquishing control of Chinese-owned chipmaker Nexperia

    November 19, 2025

    The Dutch government said it’s relinquishing control of Chinese-owned chipmaker Nexperia, easing a standoff between China and the Netherlands that threatened supplies of semiconductors vital for global auto manufacturing. Economics Affairs Minister Vincent Karremans said Wednesday that he was suspending an earlier order to take control of Nexperia under a rarely invoked law. Read more… Source: ABC News Sign ...